February 22, 2019
Data privacy in healthcare is much more than a regulation checkbox. It directly correlates to a sustainable, successful global healthcare system. In the continuous battle for better patient care and a business model that makes healthcare more affordable, information is king.
According to a study published by the Journal of American Medical Association (JAMA), the rising cost of healthcare is due to five primary factors:
These factors drive healthcare spending – which is skyrocketing. By 2022, global healthcare spending is expected to reach just over $10 trillion annually worldwide. In the U.S. alone, healthcare spending rose nearly a trillion dollars over the past ten years.
The rising costs hurt consumers of course (as anyone who has been to the doctor lately can tell you), but they are also a painful reality for healthcare organizations. Administrators must determine how to deliver the best possible patient care, while remaining in the black.
In the search for a more sustainable business model to meet these competing demands, many geographies, the U.S. included, are now seeing an industry shift from the volume-based, fee-for-service model to a more patient-centric, value-based approach. The rationale is that a sick person is already an expense, whereas focusing on wellness, prevention and early intervention is a mutually beneficial partnership that reduces costs over the long term.
To deliver on value, healthcare organizations must rely heavily on digital technologies, clinical innovations, virtual care and plenty of patient information. At this intersection, we find the increasingly-common phrase, ‘data is the new healthcare currency.’ For this reason, data privacy belongs at the center of any conversation about the business of health care.
Patients expect it. Regulators require it. Your reputation depends on it.
Beyond the value healthcare providers assign data for the purpose of patient care, cybercriminals also find great value in healthcare data records. One report says electronic healthcare records (EHR) are valued at $250 per record on the black market compared to the next highest priced record – a credit card – at just $5.40. With that kind of money in play, healthcare is a particularly attractive target for most hackers. It makes sense, then, that healthcare organizations see an average of 32,000 intrusion attacks per day, per organization as compared to 14,300 attacks per organization in other industries.
And the possibilities for cybercriminals to attack are growing as healthcare organizations’ threat surface expands. Caregivers and employees are more mobile, partnerships with third parties are more common, and medical devices are increasingly complex with new IoT technology.
An attempt at your data is likely, and once breached, it will be costly. In their Annual Cost of a Data Breach Study 2018, the Ponemon Institute identified breach resolution costs (including detection and escalation, notification, post data breach response and lost business) to be highest for healthcare of any industry by far, at $408 per record. The industry ranked second is financial services, at a considerably lower price point of $206 per record.
These numbers don’t include the regulatory fines that inevitably result from a confirmed breach. How non-compliance is handled varies country to country, but none of the fines come cheap. As regulations continually evolve and penalties multiply, it’s clear that data privacy needs to remain a top priority.
To learn more about how to avoid a costly breach and embrace the digital healthcare revolution, download the whitepaper: The Cost of a Data Breach in Healthcare.